Of course. I don't advocate this sort of thing for use on anything but university networks for a very large number of reasons (least of which is it won't work for very long at all). On relatively small private networks though? Works great.
I should add that I don't have the technical details of how their system worked, but I believe it used nmap's OS fingerprinting. The process of getting your computer off of the protected subnet onto the real network took a minute or two regardless of your OS, but only window's users had to install antivirus to get through it.
(and yes, this system doesn't do squat for booting off windows boxes that were previously approved, but later became infected. This goes back to the whole issue of "antivirus isn't actually worth shit" though...)
The whole point of the system is basically to require people that don't know better to run virus protection software, while staying out of the way of people that do know better. If you know enough to get around they system, then they are not particularly worried about you anyway.
My school did this as well (requires virus software for windows users, whitelists everyone else automatically) and it worked out rather well.
Where does he do that? Literally the only thing he said was: "This was a patent case, not a copyright case. The two have very little to do with each other.", which certainly seems to me to be an entirely factually correct (and rather polite by slashdot standards) correction.
Why don't you read up on how SSL works? Or hell, just read up on what it's even meant for. The only reason it is used is because people assume other people are going to try exactly as you suggest. It is all about establishing secure connections over insecure ones. The assumption that there is somebody between you and the party you're talking about is implicit.
Googlesharing can't read your traffic because it's encrypted. You can confirm that it's encrypted, and encrypted by and only by google, by checking the certificates yourself. It's really not rocket-science.
In the first version you did have to trust googlesharing. In this version, thanks to added SSL support, you don't have to. It's right there in the fucking summary if you could bother to read the damn thing.
It's not just because key exchange is difficult... secure key exchange with a OTP is impossible unless both parties already have the same pad.
But hey, lets consider that it's possible to exchange a 256bit AES key provably securely with a OTP with somebody you don't have prior arrangements with. What are you going to do next, use AES? All your provable security is for naught if you do that!
Do you know what size OTP you need to transmit a 1 MB OTP? 1 MB.
Due to the very well established and mathematically defined limitations of OTPs, there are only a handful of real world scenarios where they are useful. If you need a high security and low bandwidth connection with somebody, know ahead of time how much data you'll reasonably have to push through, and know for a fact that you can safety exchange keys (won't need the security until later), then a OTP can work.
Basically, any situation that you ever hear about OTPs being used historically (cold war spy shit), is realistically pretty much the only sort of situation where it will ever make any sense.
It is sure as hell better than the alternative, which is nothing. The only provably secure crypto are OTPs, and that won't get you a secure key exchange on an insecure network.
All other ciphers are liable to fall to future discoveries.
The Diffie-Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel.
You can't man-in-the-middle shit if you can't break RSA, or don't have google's private key. Read up on this shit before you make yourself look even more of a fool. Ignorance is forgiveable but actively avoiding the truth is not.
And if I use the GoogleSharing servers, than I do still need to trust GoogleSharing to be running the software they claim to be running.
No you don't, that's the difference between this version and the previous version. (I know, I know, RTFS is for wimps...) Unless their servers are using a previously unknown SSL exploit* then all you need to do is make sure the cert is correct. That's the thing with SSL, you only need to trust the CA. For the same reason that you don't have to trust your ISP (and every shady goon working there) you don't need to trust googlesharing (now).
This. People don't seem to realize that PDF, word documents, and flash will never take off as accepted formats for the layman unless they are baked into every major web-browser.
I've seen this post dozens of times now. I'd be rather surprised if it were the same person every time, and highly suspect it's nothing more than a carefully engineered piece of fiction designed to get responses such as yours.
Actually, you certainly can rise above the surface of the water with a submarine. You just need a good deal of momentum, and you're not going to stay up there very long... Try holding a beach-ball below water, as deep as possible, then letting go.
But yeah, not really going to happen with a weather balloon.
I can't help but notice that there is a fair shake of paranoia in these posts... mccarthy, racists, big pharm... You _do_ know that one of the side effects of marijuana for a lot of people is paranoia, right?
That shit is well documented history dude. Get off slashdot and go read a book or two.
You do realize that words are just sounds, or squiggles on a page or screen, right?
Wrong. Words represent ideas, that's why we find them so useful. When you don't know what words mean and use them incorrectly you are revealing your own ignorance.
From what I can tell, this basically means the main difference between the two is at the edges. Do you have any indication of how the edges differ, and which (if either?) is doing edges particularly inaccurately?
Interesting to note that where I thought I was seeing a difference on that picture, there really wasn't one. You really can't trust your eyes.:)
Slashdot Mirror
Sufficiently advanced incompetence is indistinguishable from malice.
And really, why does it matter which one it was? In either case these people shouldn't be in the positions they are.
Are you attempting to imply that those individuals are more likely to give an emotional response, instead of a rational one?
You sexist pig.
Of course. I don't advocate this sort of thing for use on anything but university networks for a very large number of reasons (least of which is it won't work for very long at all). On relatively small private networks though? Works great.
I should add that I don't have the technical details of how their system worked, but I believe it used nmap's OS fingerprinting. The process of getting your computer off of the protected subnet onto the real network took a minute or two regardless of your OS, but only window's users had to install antivirus to get through it.
(and yes, this system doesn't do squat for booting off windows boxes that were previously approved, but later became infected. This goes back to the whole issue of "antivirus isn't actually worth shit" though...)
The whole point of the system is basically to require people that don't know better to run virus protection software, while staying out of the way of people that do know better. If you know enough to get around they system, then they are not particularly worried about you anyway.
My school did this as well (requires virus software for windows users, whitelists everyone else automatically) and it worked out rather well.
Where does he do that? Literally the only thing he said was: "This was a patent case, not a copyright case. The two have very little to do with each other.", which certainly seems to me to be an entirely factually correct (and rather polite by slashdot standards) correction.
Welcome to slashdot, where people incorrectly think there can be only one correct spelling for a word.
Why don't you read up on how SSL works? Or hell, just read up on what it's even meant for. The only reason it is used is because people assume other people are going to try exactly as you suggest. It is all about establishing secure connections over insecure ones. The assumption that there is somebody between you and the party you're talking about is implicit.
Googlesharing can't read your traffic because it's encrypted. You can confirm that it's encrypted, and encrypted by and only by google, by checking the certificates yourself. It's really not rocket-science.
In the first version you did have to trust googlesharing. In this version, thanks to added SSL support, you don't have to. It's right there in the fucking summary if you could bother to read the damn thing.
Very creepy spam? I know I wouldn't even get far enough into reading it to realize.
It's not just because key exchange is difficult... secure key exchange with a OTP is impossible unless both parties already have the same pad.
But hey, lets consider that it's possible to exchange a 256bit AES key provably securely with a OTP with somebody you don't have prior arrangements with. What are you going to do next, use AES? All your provable security is for naught if you do that!
Do you know what size OTP you need to transmit a 1 MB OTP? 1 MB.
Due to the very well established and mathematically defined limitations of OTPs, there are only a handful of real world scenarios where they are useful. If you need a high security and low bandwidth connection with somebody, know ahead of time how much data you'll reasonably have to push through, and know for a fact that you can safety exchange keys (won't need the security until later), then a OTP can work.
Basically, any situation that you ever hear about OTPs being used historically (cold war spy shit), is realistically pretty much the only sort of situation where it will ever make any sense.
It is sure as hell better than the alternative, which is nothing. The only provably secure crypto are OTPs, and that won't get you a secure key exchange on an insecure network.
All other ciphers are liable to fall to future discoveries.
What do you think the entire purpose of SSL is? Educate yourself:
You can't man-in-the-middle shit if you can't break RSA, or don't have google's private key. Read up on this shit before you make yourself look even more of a fool. Ignorance is forgiveable but actively avoiding the truth is not.
for that matter: Welcome to Slashdot, where people think scepticism is a good replacement for education and intelligence.
It seems like half the commenter here may have at least RTFS, but simply don't know what SSL is.
No you don't, that's the difference between this version and the previous version. (I know, I know, RTFS is for wimps...) Unless their servers are using a previously unknown SSL exploit* then all you need to do is make sure the cert is correct. That's the thing with SSL, you only need to trust the CA. For the same reason that you don't have to trust your ISP (and every shady goon working there) you don't need to trust googlesharing (now).
*Hmm... well this is Marlinspike...
You don't know how SSL works do you?
Actually, I'm not really sure why I phrased that as a question. You don't. To get started, look up public key cryptography.
This. People don't seem to realize that PDF, word documents, and flash will never take off as accepted formats for the layman unless they are baked into every major web-browser.
Wait, what?
I've seen this post dozens of times now. I'd be rather surprised if it were the same person every time, and highly suspect it's nothing more than a carefully engineered piece of fiction designed to get responses such as yours.
tl;dr: it's a troll dude.
Actually, you certainly can rise above the surface of the water with a submarine. You just need a good deal of momentum, and you're not going to stay up there very long... Try holding a beach-ball below water, as deep as possible, then letting go.
But yeah, not really going to happen with a weather balloon.
That shit is well documented history dude. Get off slashdot and go read a book or two.
(never smoked pot in my life)
Bollywood movies are hardly "independent"...
DNA is Deoxyribonucleic acid. What does acid do? It melts things. If we were really made of acid then how come we don't melt?
They do not work as advertised.
Happy?
Wrong. Words represent ideas, that's why we find them so useful. When you don't know what words mean and use them incorrectly you are revealing your own ignorance.
You do realize that the term "allies" includes the soviets too, right?
If ponzi schemes worked, then they wouldn't be a problem either.
Of course they don't. Where in the world did you learn that they do?
From what I can tell, this basically means the main difference between the two is at the edges. Do you have any indication of how the edges differ, and which (if either?) is doing edges particularly inaccurately?
Interesting to note that where I thought I was seeing a difference on that picture, there really wasn't one. You really can't trust your eyes. :)